SIM cards are among the most widely-deployed computing platforms with
over 7 billion cards in active use, but little is known about their
security beyond manufacturer claims.
Besides SIM cards main purpose of identifying subscribers, most
of them provide programmable Java runtimes. Based on this flexibility,
SIM cards are poised to become an easily extensible trust anchor for
otherwise untrusted smartphones, embedded devices, and cars.
The protection pretense of SIM cards is based on the understanding
that they have never been exploited. This talk ends this myth of
unbreakable SIM cards and illustrates that the cards -- like any other
computing system -- are plagued by implementation and configuration